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Abstract 

We derive a novel version of information-disturbance theorems for mutually 
unbiased observables. We show that the information gain by Eve inevitably 
makes the outcomes by Bob in the conjugate basis not only erroneous but 
random. 
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I. INTRODUCTION 



In 1984, Bennett and Brassard [1] proposed a quantum key distribution protocol which is 
now called as BB84 protocol. Its unconditional security was first proved by Mayers [2] in 1996 
and after his proof the various proofs [3-5] have appeared. Among them, a proof by Biham, 
Boyer, Boykin, Mor, and Roychowdhury [4] is based upon a so-called information disturbance 
theorem. According to the theorem, the information gain by Eve inevitably induces errors in 
outcomes obtained by Bob. This disturbance enables Alice and Bob to notice the existence 
of eavesdroppers. As well as its application to BB84 protocol, since it can be regarded 
as an information theoretic version of uncertainty relation, the theorem has attracted many 
authors [6-8]. Recently, Boykin and Roychowdhury [9] showed a simple proof of the theorem 
in an arbitrary dimension by using purification technique and trace norm inequality. We, in 
this paper, derive a different version of the theorem. Our information-disturbance theorem 
is an inequality between the information gain by Eve and the randomness (rather than error 
probability) of the outcomes obtained by Bob. We compare our theorem with the previous 
one and discuss its implication. 



Let us begin with a setting. Three characters, Alice, Bob and Eve play their roles. Our 
setting is a simplified version of BB84 quantum key distribution protocol. The following 
analysis, however, can be applied to the full BB84 protocol with public discussion procedures. 
Let us consider two pairs of orthogonal states, b := {|0), |1)} and its conjugate!) := {|0), |1)} 
in C 2 . They are assumed mutually unbiased with each other. That is, 



holds for each pair of i, k e {0, 1}. Alice first selects b or b which is used to encode a random 
number. Alice next randomly generates an iV-bits sequence i G {0, 1}^ with probability 
p(i) = 2iv. We write A a random variable representing this iV-bits sequence. Alice encodes 
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II. SETTING 




this information on A-qubits and sends them to Bob. For instance, suppose that Alice 
selects b and generates a sequence i = ■ ■ - in, she sends the corresponding state \i) = 
<8> \h) <£>•••<£) \in) £ C 2 ® • • • ® C 2 =: Ha — Hb to Bob. If the conjugate basis b and a 
sequence j = jij 2 ■ • ■ Jn are chosen, the state sent to Bob is \ j) = \ji)<8> \ 32) <E> • • • <E> \jn) £ Ha- 
Alice, after confirming that Bob actually has received iV-qubits, informs him of the basis she 
used. Bob makes a measurement with respect to the basis and obtains an outcome. Let us 
write B the random variable representing this outcome. If there is no eavesdropper, A = B 
naturally follows. Eve wants to obtain the information of the random variable A. For the 
purpose, Eve prepares an apparatus and makes it interact with the iV-qubits sent to Bob 
by Alice. Let us denote He a Hilbert space describing Eve's apparatus. In general, Eve's 
operation is described by a unitary operator U, 

U :He®Ha^H e ®H b 

|0)®|i)^£|^.)(g)|j), (1) 
j 

where |0) is a normalized vector in He and {\Eij)} C He satisfies unitarity condition: 
J2je{o,i} N {Eij\E k j) = 8 ik . After this interaction, Eve tries to make an optimal measurement 
on her apparatus to extract the information of A. 

III. INFORMATION-DISTURBANCE THEOREM 
A. Information v.s. Error 

One can show that if Eve's operation yields herself to gain large information, error 
probability in qubits sent to Bob in the conjugate basis becomes inevitably large. It has 
been called as information- disturbance theorem and was proved in [4,9]. 

The representation (1) depends upon the choice of the basis. It is useful to rewrite 
the same unitary operator in the conjugate basis, b. Using \i) = J2ie{o,i} N 10 and 
\i) = T,je{o,i}» \j)Q\i), w e obtain U\0) <g> |7) = T, se {o,i} N \ E is) <8> \s), where \E U ) : = 
E !je{ o,i}« \ E ij){s\j){i\l)- 
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When Alice chooses basis b and a sequence i G {0, 1}^, a state obtained by Eve is 
computed as p l Eve := J2je{o,i} N Later we consider how much information Eve can 

extract from it. When Alice chooses another basis b and a sequence i, Bob obtains a state 

e (e«ie«>imi (2) 

^€{0,1}" 

in the presence of Eve. Later we consider the error it induces to the outcome. 

Let us begin with Eve's information gain. Eve performs a measurement (POVM) X := 
{X a } on her state. (POVM is a family of positive operators satisfying J2 a X a = 1.) We put 
E[X] a random variable representing the outcome. Probability to obtain an outcome a is 
p(a\i,b) = tr (X a p Eve ). Information gain by Eve with respect to a POVM X is calculated 



as, 



I (A : E[X]\b) = H (A\b) + H (E[X]\b) — H (A, E[X]\b) 
1 



I l ogp(a\i)- log J2p(a\j) I + N, 



a i \ j 

where H(-) means Shannon entropy. What we are interested in is its optimal value with 
respect to all the possible measurements by Eve: 

I (A : E\b) := sup {/ (A : E[X]\b) \X = {X a }is a POVM in H E } ■ 

Now we consider outcomes obtained by Bob in the conjugate basis. Remind that when 
Alice chooses basis 6, the state sent to Bob is (2). Bob makes a measurement of an observable 
J2j\j)(j\- We put B a random variable for this outcome. The probability to obtain each 
outcome is expressed as p(j\i,b) = (Eij\Eij). Thus probability to obtain an outcome whose 
difference from input iscG{0,l} Ar , is 

p[B = A © c\b) := ]T ^p(i © c\i, b) 

= Hat i®c\Ei i© c ), (3) 

A i 

where the symbol "©" is a bit-wise XOR operation. By use of these quantities, the 
information-disturbance theorem obtained by Boykin and Roychowdhury is expressed as 
[10] 



I(A : E\b) < AN IJ2p( b = A®c\b), (4) 

whose right hand side is proportional to the square root of the error probability in Bob's 
outcome. That is, their theorem claims that the information gain by Eve makes Bob's 
outcome in conjugate basis erroneous. 



B. Information v.s. Randomness 

We next derive a new information-disturbance theorem which relates information gain 
by Eve with randomness in Bob's outcome. 

To estimate the information gain by Eve, we introduce a symmetrized attack as in [4]. 
We add N auxiliary qubits to Eve's apparatus and thus the Eve's Hilbert space is dilated 
to He> '■= C 2 ® • • • ® C 2 ® He- Introduce a set of new vectors {\E^)} in this Hilbert space 
He' as 



» ™<=.rn ujv 



me{0,l}' 

where "©" is again a bit- wise XOR operation and "•" represents bit-wise multiplications 
followed by their summation. Introduce a symmetrized attack as 

u s : h e > ®n A ^ n E ' ® n B 

(io>®io»®i<>^x;i^>®ii> 

3 

which can be extended to satisfy unitarity condition [4]. Although this symmetrized attack 
is different from the original attack, it is shown below that to treat this new attack is useful. 

If we employ the symmetrized attack, Eve has a state described as p l E veaym '■ = 
J2je{o,i} N \Etj){Eij\- To extract the information from it, she can measure the value of the 
auxiliary iV-qubits and then apply a POVM X = {X a } on the original apparatus He- It 
is shown that this strategy gives same amount of information with the original attack. The 
values obtained by the first measurement are equally distributed, that is, each value m is 
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obtained with probability t^t . After obtaining a value m, the reduction of wave packet forces 
the state into 

Pm := \ Ei^ m j®m) {Ei^ m j® m \- 
3 

The second measurement gives a probability 

p s (a\i,m) = '^2(Ej® m j®m\X a \Ei^ m j© m ), 

3 

from which it is easy to see that p s (a\i,m) = p(a\i © m) holds. Thus by using conditional 
probability p s (a,m\i) = ^p(a\i © m), mutual information can be computed to coincide 
with I(A : Taking a supremum over all the possible POVM over the full Hilbert 

space Ti E i can make it larger and therefore the following inequality holds [4], 

I(A : E\b) < I(A : E\b) sym , (5) 

where the right hand side is the optimal information gain by the symmetrized attack. 
Now we can state our theorem. 

Theorem 1 The following inequality holds: 

I (A : E\b) < H(A © B\b), (6) 

where H(-) is the Shannon entropy. That is, the information gain by Eve in the basis b 
makes the outcome of measurement by Bob in the conjugate basis b random. 

Proof: We can prove the theorem by first symmetrizing the attack and next bounding 
Eve's information gain by Holevo's inequality. Thanks to (5), it is sufficient to estimate the 
quantity I(A, E\b) sym for our purpose. Holevo's theorem [11] bounds it from above as 

I(A : E\b) sym < S PEve,symJ ~ ^N^ (PEve,sym) 

• X ({P_B?je,sj/m.}) i 

where S(p) is von Neumann entropy of a state p. There exists a useful representation of 
this quantity x- Consider another additional iV-qubits Hilbert space 7i R and a state over 
Hr®H e >, 



® - — X! 2Jvl*)(*l ® PEve,sym- 

i 

Its quantum mutual entropy between Hp and He is shown to coincide with the quantity 

X i\^PEve,syni\^j > 

7(6) :=S{Q\ EI ) + S{Q\ R )-S{Q)=X ({PE V e,sy m }) , 

where Q\ E , is a restricted state to He' of 9 and Q\ R is defined in the same manner. To 
estimate this quantity, we consider a purification of p l E Ve sym - Introduce another iV-qubits 
system Hp and states over He 1 ® Hp [4], \(fi) := J2j \Efj) <8> \i © j). A state over Hr <E> 
7ie' ® 7ip defined as 

© := ® I<a}(<aI 

i 

gives 6 if restricted to Hr®He>- By using subadditivity for the entropy difference [12], the 
mutual entropy 1(0) between Hp and He'®Hp is shown to be larger than 1(0). Therefore 
we estimate the quantity, 

:=s(e| E , p ) + s(e|J-5(e). 

Now we compute the restricted states over the subsystems, 



e 



R 



1 



E'P 



The von Neumann entropy of 



R 



is N. 



To compute the von Neumann entropy of itself, we purify this by adding an additional 
iV-qubits Hp and define a state over Tip <8> Hr ®He< <8> Hp, 



Taking partial trace over Hp ®He' ®Hp leads 



whose entropy also is N. Thus the mutual entropy is completely determined by / as 

E P 

Now let us calculate the von Neumann entropy of . Again a purification using an 

E 1 P 

additional iV-qubits Tiz to He' <8> 'Hp gives a state 



on ?Yz © 7Y S ' © 7Yp. Its restriction to 7i z gives 

1 

2^ 



jj n 



whose entropy agrees with /(G). Let us consider its components with respect to the basis 
{\i}}. Since 

u n u 

holds, it depends upon only i © j. We write it as f(i © j) to represent a as 
which can be diagonalized by an orthonormalized vectors 



as (j = X)« Az|/u/)(/^|, with A; := ^ St f(t)(—l) t4 - The eigenvalue A; is calculated as 

a^^E/W- 1 )^ 

= ^/v E t>en | -Eteu te«£>n)( — 1)* J 



2 iV 



1 ^ 2 



EEE(%l^'>0>©^)(^l^(*© v ©^b'')( i ^©^>(- 1 )*'- 

t,n,i> ij i'j' 



Since we are treating mutually unbiased case 



(^) = \/^(-ir fe 



holds, where i ■ k := J2n=i ^nk n - It leads 

which is nothing but p{B = A © l\b) introduced in (3). Finally we obtain the following 
inequality, 

I(A : E\b) < H(A © B\b). 

Q.E.D. 

IV. DISCUSSIONS 

Below we discuss the implication of our theorem by comparing it with the former one. 
Since the right hand side of our inequality is determined by {p(B = A © c\b)}, it can be 
reduced to a form which includes only the term Y, c ^oP(B = A © c\b). 

Corollary 2 [13] The following inequality between the information gain by Eve and the 
error probability in Bob's outcome holds: 

I {A : E\b) < -5 log 5- (1 - <y)log(l - 5) + N5, 

where 5 := J2c^oP(B = A © c\b). 

Proof: 

Under the constraint S = J2 C jtoP(B = A © c\b) for fixed 5, the distribution which makes the 
Shannon entropy H(A © B\b) maximum is p(B — A\b) — 1 — S and p(B = A © c\b) = -^rzi 
for all c 7^ 0. It gives 

H(A © B\b) = -Slog 8- (1 - 5) log S + 5 log(2 JV - 1) 

and ends the proof. Q.E.D. 
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For a fixed error probability 5 = J2 c ^oP(B = A® c\b), for sufficiently large N, the term 
N5 becomes dominant in the right hand side of the above equation. Thus our inequality 
becomes tighter than (4) in such a case. 

Finally we present a situation which shows a drastic difference between the two inequal- 
ities. Suppose that Eve employs the following "attack" : Eve does not make the qubits sent 
by Alice interact with any apparatus, but she just converts the each value. That is, for 
each qubit, Eve performs a unitary operation \i) i— > (— (i = 0, 1). One can easily see 
that also for the conjugate basis this operation works as conversion. In this case the error 
probability 8 becomes 1. Thus if we employ the inequality (4), it is impossible to rule out the 
possibility of Eve's information gain. On the other hand, since the error in Bob's outcome 
is deterministic, the right hand side of (6) vanishes. Thus our theorem can convince us that 
there is no information gain by Eve. 

In this paper we showed a novel version of information-disturbance theorems. According 
to our theorem, one can see that the information gain by Eve induces randomness to Bob's 
outcome in the conjugate basis. The both sides of the inequality are expressed in terms of 
entropy and thus seems to be natural. For large N case, in which we are usually interested 
in, our inequality gives tighter bound than the previously proposed ones. Moreover, our 
theorem can rule out the case when Eve just turns over the qubits and gains no information. 
Our theorem, as previous one, also relies upon the assumptions of fair probability of the 
random variable A and mutually unbiasedness between b and b. It will be very interesting 
and crucial to generalize the theorem to more general setting [14]. 
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